ESG Research

Abstract:

DevSecOps has moved security front and center in the world of modern development; however, security and development teams are driven by different metrics, making objective alignment challenging. This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices. The move to microservices-driven architectures and the use of containers and serverless have shifted the dynamics of how developers build, test, and deploy code. As a result, a convergence of application security tools is underway. Organizations are overwhelmed with the amount of and overlap in issues raised from multiple testing tools, complicating prioritization and mitigation, so integrated application security platforms are desired.

In order to gain insight into these trends, ESG surveyed 378 IT, cybersecurity, and application development professionals at organizations in North America (US and Canada) involved with securing application development tools and processes.

Abstract:

With most organizations standardizing on cloud-delivered email in an effort to shift costs from CapEx to OpEx, many have assumed that email service providers would automatically include comprehensive security controls. Many of these same organizations found it necessary to add third-party controls either during their migration or at a later date. Many have suffered from phishing-related attacks that led to credential theft and BEC, while others faced the loss of sensitive data through both unintentional and intentional actions.

In order to gain insight into these trends, ESG surveyed 403 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing email security products, processes, and services.

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This master survey results set offers new data concerning:

• Organizational dynamics, buying behavior, and the future of email security.
• Email attacks and threat detection and response.
• Issues with sensitive data in email.
• Bolstering email security with complementary technologies and services.

Abstract:

ESG conducted an in-depth survey of 380 IT and cybersecurity professionals responsible for evaluating, purchasing, and managing endpoint security products, processes, and services. Survey participants represented midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

Survey participants represented a wide range of industries including manufacturing, financial services, healthcare, communications and media, retail, government, and business services. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Abstract:

ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between September 23, 2019 and October 2, 2019. To qualify for this survey, respondents were required to be responsible for evaluating, purchasing, and managing endpoint security technology products and services.

This Master Survey Results presentation focuses on modern endpoint security challenges, plans, and strategies to understand the drivers of endpoint security investments and how decision makers are prioritizing and timing purchase decisions.

Abstract:

While ransomware is not a new cyber-threat, largely entering the cybersecurity scene in 2016 and 2017 with a number of high-profile attacks, research conducted by ESG reveals that a majority of organizations continued to experience ransomware attacks in 2019, representing a concern for both business and IT leadership teams. The research further reveals the prominence of cybersecurity insurance policies, and the relationship between ransomware payouts and those companies that hold these policies. A subset of organizations with cybersecurity insurance report that their providers are advising, and possibly even pressuring, them to pay cyber ransoms, further fueling the success rates and the economy built around ransomware. This disturbing trend sets the stage for the continuance of ransomware, and an opportunity for criminals to exploit those organizations that have engaged with cybersecurity insurance companies.

Abstract:

With continued, persistent phishing attacks affecting organizations of all sizes across all industries, a resurgence of investment in email security solutions is occurring. As organizations shift their email strategies to cloud-delivered providers, most falsely believe that these providers offer comprehensive email security controls. Traditional secure email gateways are no longer sufficient to protect organizations against modern email attack techniques. Third-party email security controls will be required to effectively secure organizations utilizing cloud-delivered email services against modern, sophisticated, email-borne attacks.

Abstract:

There’s been a lot of speculation as to how much Windows Defender (now Microsoft Defender) will impact the endpoint security market. With the continued prevalence of Windows devices in the corporate endpoint landscape, these endpoints continue to be the most vulnerable and most often attacked. With an increasing cadre of endpoint alternatives with better perceived security available to business users, Microsoft is clearly motivated to close this gap by fortifying the security of these devices in a way that enables its continued dominance in the corporate endpoint market. With a majority of organizations now utilizing Defender in a meaningful way, Microsoft is beginning to gain a foothold as a layered security control on the endpoint, but why aren’t organizations ready to go all in with Defender? And with the recent announcements for Mac support, and Linux support on the way, can Microsoft up its game and become a significant player in endpoint security, changing the endpoint security landscape moving forward?